From 083cba0b87a090d4948cea202044ce8e3e27aa30 Mon Sep 17 00:00:00 2001
From: Al Snow
Date: Sat, 20 Dec 2025 10:53:39 -0500
Subject: [PATCH] Fixed more advisories with problem URLs
---
 gems/bundler/CVE-2020-36327.yml | 3 ++-
 gems/logstash/CVE-2014-4326.yml | 3 +--
 gems/passenger/CVE-2018-12026.yml | 2 +-
 gems/passenger/CVE-2018-12029.yml | 2 +-
 gems/spree/CVE-2010-3978.yml | 2 +-
 rubies/jruby/CVE-2010-1330.yml | 2 +-
 rubies/jruby/CVE-2011-4838.yml | 2 +-
 rubies/jruby/CVE-2012-5370.yml | 2 +-
 8 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/gems/bundler/CVE-2020-36327.yml b/gems/bundler/CVE-2020-36327.yml
index 54db49f45f..525e50ccf1 100644
--- a/gems/bundler/CVE-2020-36327.yml
+++ b/gems/bundler/CVE-2020-36327.yml
@@ -3,7 +3,7 @@ gem: bundler
 cve: 2020-36327
 ghsa: fp4w-jxhp-m23p
 date: 2020-09-30
-url: https://github.com/rubygems/rubygems/issues/3982
+url: https://github.com/advisories/GHSA-fp4w-jxhp-m23p
 title: Dependency Confusion in Bundler with Implicit Private Dependencies
 description: |
 Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.17 sometimes chooses a
@@ -28,3 +28,4 @@ related:
 - https://www.zofrex.com/blog/2021/04/29/bundler-still-vulnerable-dependency-confusion-cve-2020-36327/
 - https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24105
 - https://github.com/rubygems/rubygems/pull/4609
+ - https://github.com/advisories/GHSA-fp4w-jxhp-m23p
diff --git a/gems/logstash/CVE-2014-4326.yml b/gems/logstash/CVE-2014-4326.yml
index 0164cdcba3..314223e567 100644
--- a/gems/logstash/CVE-2014-4326.yml
+++ b/gems/logstash/CVE-2014-4326.yml
@@ -2,7 +2,7 @@
 gem: logstash
 cve: 2014-4326
 ghsa: 8qhq-rq4j-8prj
-url: https://www.elastic.co/community/security
+url: https://web.archive.org/web/20140804031140/http://www.elasticsearch.org/blog/logstash-1-4-2
 title: Elasticsearch Logstash allows remote attackers to execute arbitrary commands
 date: 2022-05-14
 description: |
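Review bot: The `url:` replacement in gems/bundler/CVE-2020-36327.yml drops the upstream report `https://github.com/rubygems/rubygems/issues/3982`, and the visible tail of `related.url` (lines 28-31) does not show it being kept. The same applies to the vendor announcements removed from `url:` in the passenger CVE-2018-12026 / CVE-2018-12029 hunks and the spree CVE-2010-3978 hunk, which all stop before `related:`, so this may already be covered further down in each file. If it is not, the original source is worth preserving for anyone who later needs to verify the advisory against the vendor's own statement. Where the old page is dead, an archived copy under `related.url` would match what the logstash entry already does, in the form `- https://web.archive.org/web/<SNAPSHOT_TIMESTAMP>/<ORIGINAL_URL>` (placeholder, not a verified snapshot).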
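Review bot: In the first logstash hunk the untouched context line `date: 2022-05-14` sits next to `cve: 2014-4326` and a new primary `url:` whose snapshot timestamp is 20140804, so the date looks like a database import date rather than the disclosure date. The commit edits this entry's references without revisiting that field. If `date` is meant to be the disclosure date, as the passenger entries (`date: 2018-06-12`) suggest, it should be corrected from the archived announcement, since tools that sort or filter advisories by date would otherwise treat this one as eight years newer than it is.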
@@ -17,7 +17,6 @@ patched_versions: related: url: - https://nvd.nist.gov/vuln/detail/CVE-2014-4326 - https://www.elastic.co/community/security - https://web.archive.org/web/20140804031140/http://www.elasticsearch.org/blog/logstash-1-4-2 - https://web.archive.org/web/20201207013408/http://www.securityfocus.com/archive/1/532841/100/0/threaded - https://github.com/advisories/GHSA-8qhq-rq4j-8prj
diff --git a/gems/passenger/CVE-2018-12026.yml b/gems/passenger/CVE-2018-12026.yml
index eb5583a9e8..02934cdcd7 100644
--- a/gems/passenger/CVE-2018-12026.yml
+++ b/gems/passenger/CVE-2018-12026.yml
@@ -2,7 +2,7 @@
 gem: passenger
 cve: 2018-12026
 ghsa: 7cv3-gvmc-8mq5
-url: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
+url: https://github.com/advisories/GHSA-7cv3-gvmc-8mq5
 title: SpawningKit exploits
 date: 2018-06-12
 description: |
diff --git a/gems/passenger/CVE-2018-12029.yml b/gems/passenger/CVE-2018-12029.yml
index 8b61fb46e5..4152aaf357 100644
--- a/gems/passenger/CVE-2018-12029.yml
+++ b/gems/passenger/CVE-2018-12029.yml
@@ -2,7 +2,7 @@
 gem: passenger
 cve: 2018-12029
 ghsa: jjcj-fgfm-9g9r
-url: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
+url: https://github.com/advisories/GHSA-jjcj-fgfm-9g9r
 title: CHMOD race vulnerability
 date: 2018-06-12
 description: |
diff --git a/gems/spree/CVE-2010-3978.yml b/gems/spree/CVE-2010-3978.yml
index 769b27ea5f..23ee17d103 100644
--- a/gems/spree/CVE-2010-3978.yml
+++ b/gems/spree/CVE-2010-3978.yml
@@ -3,7 +3,7 @@ gem: spree
 cve: 2010-3978
 osvdb: 69098
 ghsa: hwrx-wc75-mgh7
-url: https://spreecommerce.com/blog/json-hijacking-vulnerability
+url: https://github.com/advisories/GHSA-hwrx-wc75-mgh7
 title: Spree Multiple Script JSON Request Validation Weakness Remote Information Disclosure
diff --git a/rubies/jruby/CVE-2010-1330.yml b/rubies/jruby/CVE-2010-1330.yml
index 79a6aa92bc..b1c43e897d 100644
--- a/rubies/jruby/CVE-2010-1330.yml
+++ b/rubies/jruby/CVE-2010-1330.yml
@@ -2,7 +2,7 @@
 engine: jruby
 cve: 2010-1330
 osvdb: 77297
-url: http://jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability
+url: https://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability
 title: 'CVE-2010-1330 jruby: XSS in the regular expression engine when processing invalid UTF-8 byte sequences'
 date: 2010-04-26
diff --git a/rubies/jruby/CVE-2011-4838.yml b/rubies/jruby/CVE-2011-4838.yml
index 9e6182f3e6..5773320baa 100644
--- a/rubies/jruby/CVE-2011-4838.yml
+++ b/rubies/jruby/CVE-2011-4838.yml
@@ -2,7 +2,7 @@
 engine: jruby
 cve: 2011-4838
 osvdb: 78116
-url: http://jruby.org/2011/12/27/jruby-1-6-5-1
+url: https://www.jruby.org/2011/12/27/jruby-1-6-5-1
 title: "CVE-2011-4838 jruby: hash table collisions DoS (oCERT-2011-003)"
 date: 2011-12-27
 description: |
diff --git a/rubies/jruby/CVE-2012-5370.yml b/rubies/jruby/CVE-2012-5370.yml
index 422ffc8a5e..949f2d9135 100644
--- a/rubies/jruby/CVE-2012-5370.yml
+++ b/rubies/jruby/CVE-2012-5370.yml
@@ -2,7 +2,7 @@
 engine: jruby
 cve: 2012-5370
 osvdb: 87864
-url: http://jruby.org/2012/12/03/jruby-1-7-1
+url: https://www.jruby.org/2012/12/03/jruby-1-7-1
 title: "CVE-2012-5370 jruby: Murmur hash function collisions (oCERT-2012-001)"
 date: 2012-11-23
 description: |